From e8e75813ab549d03b0ac482fe0e1e86ee660b8b0 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 11 Mar 2022 11:49:05 +0100
Subject: chore(proxy): add module for stand-alone ms-specific proxy-service
 application

---
 .../MsConnectorSpringResourceProviderTest.java     | 56 ++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/MsConnectorSpringResourceProviderTest.java

(limited to 'ms_specific_proxyservice/src/test/java/at/asitplus')

diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/MsConnectorSpringResourceProviderTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/MsConnectorSpringResourceProviderTest.java
new file mode 100644
index 00000000..2da6b316
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/MsConnectorSpringResourceProviderTest.java
@@ -0,0 +1,56 @@
+package at.asitplus.eidas.specific.proxy.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+import at.asitplus.eidas.specific.proxy.MsSpecificEidasProxySpringResourceProvider;
+import at.gv.egiz.eaaf.core.test.TestConstants;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class MsConnectorSpringResourceProviderTest {
+
+  @Test
+  public void testSpringConfig() {
+    final MsSpecificEidasProxySpringResourceProvider test =
+        new MsSpecificEidasProxySpringResourceProvider();
+    for (final Resource el : test.getResourcesToLoad()) {
+      try {
+        IOUtils.toByteArray(el.getInputStream());
+
+      } catch (final IOException e) {
+        Assert.fail("Ressouce: " + el.getFilename() + " not found");
+      }
+
+    }
+
+    Assert.assertNotNull("no Name", test.getName());
+    Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+  }
+
+  @Test
+  public void testSpILoaderConfig() {
+    final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH);
+    try {
+      final String spiFile = IOUtils.toString(el, "UTF-8");
+
+      Assert.assertEquals("Wrong classpath in SPI file",
+          MsSpecificEidasProxySpringResourceProvider.class.getName(), spiFile);
+
+
+    } catch (final IOException e) {
+      Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found");
+
+    }
+  }
+
+}
-- 
cgit v1.2.3


From 7f0a925a72dc9841280e66fcba1515af62b9efdf Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 3 Jun 2022 15:24:01 +0200
Subject: test(core): add smoke test with full eIDAS OutGoing login and
 error-handling

---
 .../proxy/test/FullStartUpAndProcessTest.java      | 480 +++++++++++++++++++++
 1 file changed, 480 insertions(+)
 create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java

(limited to 'ms_specific_proxyservice/src/test/java/at/asitplus')

diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
new file mode 100644
index 00000000..bc6f5317
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
@@ -0,0 +1,480 @@
+package at.asitplus.eidas.specific.proxy.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.util.Base64;
+import java.util.Map;
+import java.util.TimeZone;
+import java.util.Timer;
+import java.util.UUID;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.ignite.Ignition;
+import org.joda.time.DateTime;
+import org.joda.time.DateTimeZone;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.util.Base64Utils;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.google.common.collect.ImmutableSet;
+
+import at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthSignalController;
+import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController;
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+import lombok.SneakyThrows;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringBootTest
+@ContextConfiguration(initializers = {
+    org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class,
+    SpringBootApplicationContextInitializer.class
+    })
+@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" })
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
+public class FullStartUpAndProcessTest {
+
+  private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+  private static final String FINAL_REDIRECT = "https://localhost/ms_proxy/public/secure/finalizeAuthProtocol?pendingid=";
+  private static final String ERROR_REDIRECT = "https://localhost/ms_proxy/public/secure/errorHandling?errorid=";
+  
+  
+  @Autowired private WebApplicationContext wac;
+
+  @Autowired private ResourceLoader resourceLoader;
+  @Autowired private EidasAttributeRegistry attrRegistry;
+  
+  @Autowired private IdAustriaAuthSignalController idAustriaEndpoint;
+  @Autowired private IdAustriaAuthMetadataProvider idAustriaMetadata;
+  @Autowired private IdAustriaAuthCredentialProvider credentialProvider;
+  
+  @Autowired private EidasProxyServiceController eidasProxyEndpoint;
+  @Autowired private ProtocolFinalizationController finalize;
+
+  @Autowired private IStatusMessenger messager;
+
+  /**
+   * jUnit class initializer.
+   * @throws InterruptedException In case of an error
+   * @throws ComponentInitializationException  In case of an error
+   * @throws InitializationException In case of an error
+   *
+   */
+  @BeforeClass
+  @SneakyThrows
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.clearProperty("eidas.ms.configuration");
+
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+
+    EaafOpenSaml3xInitializer.eaafInitialize();
+    
+  }
+
+  /**
+   * Test shut-down.
+   *
+   * @throws Exception In case of an error
+   */
+  @AfterClass
+  @SneakyThrows
+  public static void closeIgniteNode() {
+    System.out.println("Closiong Ignite Node ... ");
+    Ignition.stopAll(true);
+
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field.setAccessible(true);
+    field.set(null, null);
+    
+  }
+
+  /**
+   * jUnit test set-up.
+   *
+   *
+   */
+  @Before
+  public void setup() throws IOException {
+    DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.wac);
+    @SuppressWarnings("rawtypes")
+    Map<String, FilterRegistrationBean> filters = wac.getBeansOfType(FilterRegistrationBean.class);
+    for (FilterRegistrationBean<?> filter : filters.values()) {
+      if (filter.isEnabled()) {
+        builder.addFilter(filter.getFilter(), "/*");
+
+      }
+    }
+
+    LogMessageProviderFactory.setStatusMessager(messager);
+
+  }
+
+  @Test
+  @SneakyThrows
+  public void simpleError() {
+    MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    String spCountryCode = injectEidas2AuthnReq(proxyHttpReq);
+    MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp));
+    
+    injectIdAustriaSaml2Metadata();
+        
+    
+    // send eIDAS Proxy-Service process hand-over
+    eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp);
+        
+    
+    // extract SAML2 AuthnRequest to IDA system
+    assertEquals("forward to finalization", 200, proxyHttpResp.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType());
+    String saml2ReqPage = proxyHttpResp.getContentAsString();
+    assertNotNull("selectionPage is null", saml2ReqPage);
+    assertFalse("selectionPage is empty", saml2ReqPage.isEmpty());
+
+    String saml2ReqB64 = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"SAMLRequest\" value=\"");
+    String saml2RelayState = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"RelayState\" value=\"");
+    assertNotNull("SAML2 request", saml2ReqB64);
+    assertNotNull("SAML2 relayState", saml2RelayState);
+    
+  
+    
+    // send WRONG response from IDA system to eIDAS Proxy-Service    
+    final MockHttpServletRequest idaHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    idaHttpReq.setScheme("https");
+    idaHttpReq.setServerPort(443);
+    idaHttpReq.setContextPath("/ms_proxy");
+    idaHttpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, RandomStringUtils.randomAlphanumeric(15));
+    idaHttpReq.addParameter("SAMLResponse", RandomStringUtils.randomAlphabetic(25));
+    final MockHttpServletResponse idaHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(idaHttpReq, idaHttpResp));
+    
+    idAustriaEndpoint.performEidasAuthentication(idaHttpReq, idaHttpResp);
+    
+    
+    // validate forwarding to protocol finalization
+    assertEquals("forward to finalization", 302, idaHttpResp.getStatus());
+    assertNotNull("missing redirect header", idaHttpResp.getHeader("Location"));
+    assertTrue("wrong redirect header", idaHttpResp.getHeader("Location").startsWith(ERROR_REDIRECT));
+    String finalPendingReqId = idaHttpResp.getHeader("Location").substring(ERROR_REDIRECT.length());
+    assertFalse("final errorId", finalPendingReqId.isEmpty());
+    
+    // set-up error-handling request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    finalizationReq.setParameter("errorid", finalPendingReqId);
+    MockHttpServletResponse respErrorPage = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, respErrorPage));
+    
+    // execute error-handling step
+    finalize.errorHandling(finalizationReq, respErrorPage);
+
+    
+    // extract access-token for eIDAS node communication 
+    assertEquals("errorPage", 200, respErrorPage.getStatus());
+    assertEquals("errorPage", "text/html;charset=UTF-8", respErrorPage.getContentType());
+    String errorPage = respErrorPage.getContentAsString();
+    assertNotNull("errorPage is null", errorPage);
+    assertFalse("errorPage is empty", errorPage.isEmpty());   
+    assertTrue("Missing errorCode", errorPage.contains("auth.26"));
+    
+  }
+  
+  @Test
+  @SneakyThrows
+  public void simpleSuccess() {
+    MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    String spCountryCode = injectEidas2AuthnReq(proxyHttpReq);
+    MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp));
+    
+    injectIdAustriaSaml2Metadata();
+        
+    
+    // send eIDAS Proxy-Service process hand-over
+    eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp);
+        
+    
+    // extract SAML2 AuthnRequest to IDA system
+    assertEquals("forward to finalization", 200, proxyHttpResp.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType());
+    String saml2ReqPage = proxyHttpResp.getContentAsString();
+    assertNotNull("selectionPage is null", saml2ReqPage);
+    assertFalse("selectionPage is empty", saml2ReqPage.isEmpty());
+
+    String saml2ReqB64 = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"SAMLRequest\" value=\"");
+    String saml2RelayState = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"RelayState\" value=\"");
+    assertNotNull("SAML2 request", saml2ReqB64);
+    assertNotNull("SAML2 relayState", saml2RelayState);
+    
+    // validate SAML2 request to IDA system
+    String saml2ReqId = validateSaml2Request(saml2ReqB64, spCountryCode);
+    
+    // build SAML2 response from IDA system
+    String saml2RespB64 = buildSaml2Response(saml2ReqId);
+    
+    
+    // send response from IDA system to eIDAS Proxy-Service    
+    final MockHttpServletRequest idaHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    idaHttpReq.setScheme("https");
+    idaHttpReq.setServerPort(443);
+    idaHttpReq.setContextPath("/ms_proxy");
+    idaHttpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, saml2RelayState);
+    idaHttpReq.addParameter("SAMLResponse", saml2RespB64);
+    final MockHttpServletResponse idaHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(idaHttpReq, idaHttpResp));
+    
+    idAustriaEndpoint.performEidasAuthentication(idaHttpReq, idaHttpResp);
+    
+    
+    // validate forwarding to protocol finalization
+    assertEquals("forward to finalization", 302, idaHttpResp.getStatus());
+    assertNotNull("missing redirect header", idaHttpResp.getHeader("Location"));
+    assertTrue("wrong redirect header", idaHttpResp.getHeader("Location").startsWith(FINAL_REDIRECT));
+    String finalPendingReqId = idaHttpResp.getHeader("Location").substring(FINAL_REDIRECT.length());
+    assertFalse("final pendingRequestId", finalPendingReqId.isEmpty());
+
+    // set-up finalization request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    finalizationReq.setParameter("pendingid", finalPendingReqId);
+    MockHttpServletResponse respToEidasProxy = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, respToEidasProxy));
+    
+    // exexcute finalization step
+    finalize.finalizeAuthProtocol(finalizationReq, respToEidasProxy);
+
+    
+    // extract access-token for eIDAS node communication 
+    assertEquals("forward to finalization", 200, respToEidasProxy.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", respToEidasProxy.getContentType());
+    String forwardPage = respToEidasProxy.getContentAsString();
+    assertNotNull("forward to eIDAS Node is null", forwardPage);
+    assertFalse("forward to eIDAS Node is empty", forwardPage.isEmpty());
+
+    String eidasNodeRespToken = extractRequestToken(forwardPage, "<input type=\"hidden\" name=\"token\" value=\"");
+    assertFalse("eidas req. token", eidasNodeRespToken.isEmpty());
+    
+    // validate eIDAS light-response to eIDAS node
+    validateEidasLightResponse(eidasNodeRespToken);        
+    
+    
+  }
+
+
+  @SneakyThrows
+  private void validateEidasLightResponse(String eidasNodeRespToken) {    
+    final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) wac.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString());
+    
+    ILightResponse lightResp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(eidasNodeRespToken, 
+        attrRegistry.getCoreAttributeRegistry().getAttributes());
+
+    SimpleDateFormat dateTimeParser = new SimpleDateFormat("yyyy-MM-dd");
+    dateTimeParser.setTimeZone(TimeZone.getTimeZone("UTC"));
+       
+    assertNotNull("ligth-response", lightResp);    
+    assertEquals("eIDAS statusCode", "urn:oasis:names:tc:SAML:2.0:status:Success", lightResp.getStatus().getStatusCode());
+    assertEquals("eIDAS LoA", "http://eidas.europa.eu/LoA/high", lightResp.getLevelOfAssurance());
+    assertEquals("eIDAS attribute size", 4, lightResp.getAttributes().size());
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", "QVGm48cqcM4UcyhDTNGYmVdrIoY=");    
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName", "Max");
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName", "Mustermann");
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth",
+        new DateTime(dateTimeParser.parse("1940-01-01").getTime(), DateTimeZone.UTC));
+
+
+                  
+  }
+
+  private void checkEidasAttribute(ImmutableAttributeMap attributes, String attrName, Object expected) {
+    ImmutableSet<? extends AttributeValue<Object>> attr = attributes.getAttributeValuesByNameUri(attrName);
+    assertNotNull("Attribute: " + attrName, attr);
+    assertFalse("Empty AttributeValue: " + attrName, attr.isEmpty());
+    assertNotNull("AttributeValue: " + attrName, attr.asList().get(0));
+    assertEquals("Wrong AttributeValue: " + attrName, expected, attr.asList().get(0).getValue());
+    
+  }
+
+  @SneakyThrows  
+  private String validateSaml2Request(String saml2ReqB64, String spCountryCode) {
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(), 
+        new ByteArrayInputStream(Base64Utils.decodeFromString(saml2ReqB64)));
+
+    // check requested attributes
+    assertEquals("wrong number of extension elements", 
+        1, authnReq.getExtensions().getOrderedChildren().size());
+    assertEquals("wrong number of requested attributes", 
+        4, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size());
+                
+    return authnReq.getID();
+  }
+
+  @SneakyThrows
+  private String buildSaml2Response(String saml2ReqId) {
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_with_EID.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true, saml2ReqId);    
+    return Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+            "UTF-8"));
+    
+  }
+  
+  private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
+      boolean validConditions, String saml2ReqId) throws SamlSigningException, XMLParserException, UnmarshallingException,
+      Pvp2MetadataException {
+
+    final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        FullStartUpAndProcessTest.class.getResourceAsStream(responsePath));
+    response.setIssueInstant(Instant.now());
+    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    issuer.setValue(idpEntityId);
+    response.setIssuer(issuer);
+    response.setInResponseTo(saml2ReqId);
+    
+    if (validConditions) {
+      response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60));
+
+    }
+
+    return Saml2Utils.signSamlObject(response, credential, true);
+  }
+  
+  @SneakyThrows
+  private void injectIdAustriaSaml2Metadata() {
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(METADATA_PATH);
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver =
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();
+    idAustriaMetadata.addMetadataResolverIntoChain(fileSystemResolver);
+    
+    
+  }
+
+  private String extractRequestToken(String selectionPage, String selector) {
+    int start = selectionPage.indexOf(selector);
+    assertTrue("find no starting element of selector", start > 0);
+    int end = selectionPage.indexOf("\"", start + selector.length());
+    assertTrue("find no end tag", end > 0);
+    return selectionPage.substring(start + selector.length(), end);
+
+  }
+  
+  @SneakyThrows
+  private String injectEidas2AuthnReq(MockHttpServletRequest proxyHttpReq) {    
+    String spCountryCode = "XX";
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+            .build());
+    
+    final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) wac.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString());    
+    BinaryLightToken token = springManagedSpecificConnectorCommunicationService.putRequest(authnReqBuilder.build());        
+    proxyHttpReq.addParameter(EidasParameterKeys.TOKEN.toString(), Base64Utils.encodeToString(token.getTokenBytes()));
+    
+    return spCountryCode;
+    
+  }
+  
+}
-- 
cgit v1.2.3


From 3d9d419a40b17de1f94d46cbc2f5b345a93bff00 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 8 Jun 2022 12:32:16 +0200
Subject: feat(eidas): perform mapping between IDA and eIDAS attributes based
 on external configuration

---
 .../ProxyAuthenticationDataBuilderTest.java        | 395 +++++++++++++++++++++
 1 file changed, 395 insertions(+)
 create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java

(limited to 'ms_specific_proxyservice/src/test/java/at/asitplus')

diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java
new file mode 100644
index 00000000..ee2c8d8c
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java
@@ -0,0 +1,395 @@
+package at.asitplus.eidas.specific.proxy.test.builder;
+
+import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.RandomUtils;
+import org.apache.ignite.Ignition;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.google.common.collect.Sets;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import lombok.SneakyThrows;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringBootTest
+@ContextConfiguration(initializers = {
+    org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class,
+    SpringBootApplicationContextInitializer.class
+    })
+@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" })
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
+public class ProxyAuthenticationDataBuilderTest {
+
+  
+  @Autowired
+  private AuthenticationDataBuilder authenticationDataBuilder;
+
+  @Autowired(required = true)
+  private IConfiguration basicConfig;
+
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private TestRequestImpl pendingReq;
+
+  private Map<String, String> spConfig;
+  private ServiceProviderConfiguration oaParam;
+
+  private String eidasBind;
+  private String authBlock;
+
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, ComponentInitializationException {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current
+        + "src/test/resources/config/junit_config_3.properties");
+
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    
+    EaafOpenSaml3xInitializer.eaafInitialize();
+  }
+
+  /**
+   * Test shut-down.
+   *
+   * @throws Exception In case of an error
+   */
+  @AfterClass
+  @SneakyThrows
+  public static void closeIgniteNode() {
+    System.out.println("Closiong Ignite Node ... ");
+    Ignition.stopAll(true);
+
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field.setAccessible(true);
+    field.set(null, null);
+    
+  }
+  
+  @Before
+  @SneakyThrows
+  public void initialize() throws EaafStorageException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
+    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
+    spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
+    oaParam = new ServiceProviderConfiguration(spConfig, basicConfig);
+    oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:cdid+XX");
+    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    authBlock = RandomStringUtils.randomAlphanumeric(20);
+    eidasBind = RandomStringUtils.randomAlphanumeric(20);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, authBlock);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, eidasBind);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5));
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+        RandomStringUtils.randomAlphabetic(2));
+
+    LocaleContextHolder.resetLocaleContext();
+
+  }
+  
+  @Test
+  @SneakyThrows
+  public void eidasProxyModeSimple() throws EaafAuthenticationException {
+    // initialize state
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        "http://eidas.europa.eu/LoA/high");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+         PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+         RandomStringUtils.randomAlphabetic(2));
+        
+    String randAttr = RandomStringUtils.randomAlphabetic(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        randAttr, RandomStringUtils.randomAlphabetic(10));
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(randAttr, 
+        PvpAttributeDefinitions.BPK_NAME,
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, 
+        PvpAttributeDefinitions.BIRTHDATE_NAME,
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME));
+    
+    
+    // execute
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);
+    Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class));
+    Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class));
+    Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+        
+    Assert.assertEquals("FamilyName", "Mustermann", authData.getFamilyName());
+    Assert.assertEquals("GivenName", "Max", authData.getGivenName());
+    Assert.assertEquals("DateOfBirth", "1940-01-01", authData.getDateOfBirth());
+    
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", authData.getEidasQaaLevel());
+    Assert.assertEquals("EID-ISSUING-NATION",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME),
+        authData.getCiticenCountryCode());
+    
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BPK_NAME, bpk);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    
+    Assert.assertEquals("random optional attr.",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            randAttr),
+        authData.getGenericData(randAttr, String.class));
+    
+  }
+  
+  
+  @Test
+  public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate);
+            
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String commonMandate = RandomStringUtils.randomAlphabetic(10);
+    
+    // set constant country-code and sourcePin to check hashed eIDAS identifier
+    String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr";       
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE");
+    
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, 
+            EaafConstants.URN_PREFIX_BASEID + "+XFN");            
+    
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, "XFN+" + sourcePinMandate);
+        
+  }
+  
+  private void injectRepresentativeInfosIntoSession() throws EaafStorageException {
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    
+    String givenName = RandomStringUtils.randomAlphabetic(10);
+    String familyName = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirth = "1956-12-08";
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
+    String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC);
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, bpk);
+    
+    //set LoA level attribute instead of explicit session-data
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+    .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, 
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel());
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null);
+    
+  }
+  
+  private void checkGenericAttribute(IAuthData authData, String attrName, String expected) {
+    assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class));
+    
+   }
+  
+}
-- 
cgit v1.2.3


From cab2ab4ddb85b305d77798073b868cf42a7e0111 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 8 Jun 2022 14:56:42 +0200
Subject: chore(core): minory style, test and validation fixes

---
 .../asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ms_specific_proxyservice/src/test/java/at/asitplus')

diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
index bc6f5317..2fe7ee05 100644
--- a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
@@ -384,7 +384,7 @@ public class FullStartUpAndProcessTest {
     assertEquals("wrong number of extension elements", 
         1, authnReq.getExtensions().getOrderedChildren().size());
     assertEquals("wrong number of requested attributes", 
-        4, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size());
+        5, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size());
                 
     return authnReq.getID();
   }
-- 
cgit v1.2.3